Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Statistics

The firewall Statistics page is a rolling summary of what the VMP Security WAF has been doing on your site. It is the page you check when someone asks “is anything attacking us right now?” or “has traffic spiked since last week?” The numbers are aggregated from the firewall’s own logs, so they reflect what was actually blocked at the firewall layer rather than what hit WordPress and was caught later.

In This Article

Statistics overview

Firewall statistics are spread across the Dashboard and Firewall pages rather than a dedicated “Statistics” submenu. The most useful views are:

  • Dashboard → Firewall Summary table. Counts of blocks for Today / This Week / This Month, broken down into Complex (WAF rule matches), Brute Force (login lockouts), Blocklist (Real-Time IP Blocklist matches — Premium), and Total.
  • Dashboard → Total Attacks Blocked chart. A 24-hour or 30-day chart showing aggregate attack volume across the whole VMP Security Network.
  • Dashboard → Firewall Detailed Summary. Counts of attacks blocked on this site for Today / Last 7 Days / Last 30 Days / All Time, with a paginated table of recent block events.
  • Firewall page. Summary tiles plus the Top Countries / Top IPs panels that the AJAX endpoints populate from the audit data.

Interpreting the numbers

A high blocked-request count is not automatically a sign that something is wrong. Most public WordPress sites get a constant background of opportunistic scans, and the firewall will quietly block those without you needing to do anything. What matters is the shape of the numbers, not the absolute count.

Some patterns worth paying attention to:

  • A sudden, sustained spike in a specific attack category usually means a new campaign is targeting a vulnerability that affects WordPress or a popular plugin. Cross-reference the date with our public security advisories, or your own update logs, to see whether you are affected.
  • One IP responsible for a huge fraction of blocks often means a single attacker is hammering your site. They are usually already blocked, but if you see the same IP appearing across many sites you manage, you may want to add it to a global allowlist of bad actors.
  • An unusual country distribution — lots of blocked traffic from countries that have no business reaching your site — can be a hint that Country Blocking would help reduce noise.
  • Almost no blocks at all on a public-facing site is unusual and may indicate the firewall is Disabled or is not loading correctly. Check Firewall → Firewall Options → Web Application Firewall Status and the Tools → Diagnostics tab if this looks too quiet.

Changing the timeframe

The Dashboard’s Total Attacks Blocked chart toggles between 24 Hours and 30 Days. The Firewall Detailed Summary lets you choose Today / Last 7 Days / Last 30 Days / All Time. Changing the timeframe re-aggregates the visible counts; underlying log retention is determined by your database housekeeping settings.

All firewall statistics are stored in WordPress database tables (vmpfence_waf_log, vmpfence_blocked_ips, etc.). Available history is therefore limited only by your database’s disk capacity and any retention rules you set.

Exporting and sharing data

You can export the current Blocked IPs list to a .txt file from the Blocking page (the Export Blocked IPs button on the Blocked IPs tab). For a richer dataset you can use Tools → Import/Export to back up settings and configuration, or query the underlying tables directly via WP-CLI / SQL.

If you manage many sites and want a fleet-wide view, connect the site to VMP Security Portal from the Dashboard — the Portal aggregates events across connected sites.

Contents